Article Content

SID800 errors when enrolling a smart card logon certificate: a "key generation failed"When we use a brand new RSA SID-800 token (fresh out of the box) we see consistent errors when enrolling a smart card logon certificate: a "key generation failed" dialog is displayed on screen but no certificate request is received at the Microsoft online Issuing-CA (and no errors are posted in the CA log or in any Windows event log). The problem persists if we try other new USB smart tokens. However, if we drop back to using a smart token that has been used successfully in the past (or even back to using some older model-B2 tokens that we have in stock and were also used earlier), the enrollment succeeds. Once an enrollment succeeds, it appears that smart card logon certificate enrollments using new tokens also start working? This problem symptom has been seen on multiple Vista-SP2 client workstations but, to date, has not been seen on a Win7-SP2 workstation.

Resolution

The SID800 firmware needs to be updated from 3.0 to 3.1The SID800 firmware needs to be updated from 3.0 to 3.1

Download the latest RSA USB Firmware Update Utility from SCOL.

Here is information on the SID800 firmware update: ***** The two changes were: 1. Fix for Vista and Windows 7 smart card timeout of 5 seconds. The fix is to send request for more time from the USB chip whenever the smart card chip requests more time. 2. Was for Windows 7 device recognition. The USB firmware emulates a Microsoft Plug and Play applet.